Cryptography

13 pages, 351 KB

Open AccessArticle

Relaxation of Strict Avalanche Criterion on All SHA-256 Sub-Function Combinations

by Riley Vaughn and Mike Borowczak

Cryptography 2026, 10(3), 32; https://doi.org/10.3390/cryptography10030032 - 13 May 2026

A cryptographic hash function should dissipate patterns, such that highly related inputs are transformed into unrelated outputs. This property, known as diffusion, has been effectively measured on SHA-256 via the Strict Avalanche Criterion (SAC) throughout the 64 rounds of compression. Additionally, variants of [...] Read more.

A cryptographic hash function should dissipate patterns, such that highly related inputs are transformed into unrelated outputs. This property, known as diffusion, has been effectively measured on SHA-256 via the Strict Avalanche Criterion (SAC) throughout the 64 rounds of compression. Additionally, variants of SHA-256 with individual sub-functions removed have previously been tested. In this study, the previous work is expanded; all combinations of the seven SHA-256 sub-functions are tested for SAC, throughout the 64 rounds of compression. The threshold as to whether a variant passes the SAC is calculated with the Bonferroni Method, which results in a relaxed threshold as compared to previous measures. The SAC of each sub-function variant is compared with the SAC of variants with shared sub-functions. The sub-functions

Σ_{1}

, Integer Addition, Choose, and Message Scheduler are found to consistently contribute to SAC at the earliest rounds, throughout all combinations. Full article

► Show Figures

Figure 1

28 pages, 1515 KB

Open AccessFeature PaperArticle

Q-DP-GAN: Improving EEG Data Privacy Through Quantum-Inspired Differential Privacy-Based GAN

by Shouvik Paul and Garima Bajwa

Cryptography 2026, 10(3), 31; https://doi.org/10.3390/cryptography10030031 - 11 May 2026

Abstract

Electroencephalography (EEG)-based brain–computer interface (BCI) systems pose significant privacy risks, as EEG data remain vulnerable to inference and reconstruction attacks. Conventional privacy-preserving techniques, including data anonymization, encryption, and perturbation, frequently compromise data utility or prove ineffective against advanced adversaries. To address these limitations [...] Read more.

Electroencephalography (EEG)-based brain–computer interface (BCI) systems pose significant privacy risks, as EEG data remain vulnerable to inference and reconstruction attacks. Conventional privacy-preserving techniques, including data anonymization, encryption, and perturbation, frequently compromise data utility or prove ineffective against advanced adversaries. To address these limitations and balance utility and privacy, we propose a quantum-inspired, differential privacy-based generative adversarial network (Q-DP-GAN). Unlike classical GANs, which lack adaptive privacy mechanisms during training, our method uses quantum-inspired stochasticity to dynamically calibrate noise and the privacy budget. The experimental results demonstrate that Q-DP-GAN is more robust to membership inference and reconstruction attacks than existing approaches. Evaluation on the widely used BCI Competition IV Datasets 2A and 2B indicates that our framework produces high-quality synthetic EEG data while maintaining utility and data confidentiality for BCI classification tasks. Full article

► Show Figures

Figure 1

68 pages, 5976 KB

Open AccessArticle

A Hybrid Module-LWE and Hash-Based Framework for Memory-Efficient Post-Quantum Key Encapsulation

by Elmin Marevac, Esad Kadušić, Nataša Živić, Sanela Nesimović and Christoph Ruland

Cryptography 2026, 10(3), 30; https://doi.org/10.3390/cryptography10030030 - 3 May 2026

Abstract

Deploying post-quantum cryptography on highly constrained devices remains challenging due to the large key sizes and substantial storage and memory-traffic demands of leading lattice-based schemes. Although constructions such as Kyber, Dilithium, and NTRU offer strong resistance against quantum adversaries, their multi-kilobyte public keys [...] Read more.

Deploying post-quantum cryptography on highly constrained devices remains challenging due to the large key sizes and substantial storage and memory-traffic demands of leading lattice-based schemes. Although constructions such as Kyber, Dilithium, and NTRU offer strong resistance against quantum adversaries, their multi-kilobyte public keys and intensive memory access patterns limit practical adoption in microcontrollers, smart cards, and low-power edge environments. This work proposes a hybrid key-encapsulation mechanism that integrates a compact, seed-generated Module-LWE structure with a quantum-secure hash-based authentication layer. The design employs a small public seed to instantiate lattice matrices on demand via a lightweight pseudorandom generator and incorporates a Merkle-tree commitment to represent compressed auxiliary error information. Additional design considerations—including sparsity-aware secret keys, SIMD-friendly polynomial operations, and cache-efficient decryption paths—are intended to reduce runtime memory usage and computational overhead. The security of the proposed construction is analysed under both Module-LWE and hash-based one-way assumptions, with further consideration of constant-time execution and cache-line alignment to mitigate side-channel risks. This hybrid approach outlines a design pathway toward post-quantum key-encapsulation mechanisms suitable for deployment on memory-limited and energy-constrained platforms. Full article

(This article belongs to the Special Issue Advances in Post-Quantum Cryptography)

► Show Figures

Figure 1

18 pages, 373 KB

Open AccessArticle

Space-Efficient Secret Sharing Based on Matrix Normal Forms

by Eckhard Pfluegel, Razi Arshad and Mark Jones

Cryptography 2026, 10(3), 29; https://doi.org/10.3390/cryptography10030029 - 30 Apr 2026

Abstract

Secret sharing schemes distribute a secret among participants so that only authorised subsets can reconstruct it. In this paper, we focus on space-efficient secret sharing and show that matrix normal forms can significantly reduce share sizes while achieving computational security properties. Our scheme [...] Read more.

Secret sharing schemes distribute a secret among participants so that only authorised subsets can reconstruct it. In this paper, we focus on space-efficient secret sharing and show that matrix normal forms can significantly reduce share sizes while achieving computational security properties. Our scheme is implemented within an online secret sharing architecture, where authenticated public data P is maintained and shares of private data Q are issued over a secure channel. We study an existing probabilistic matrix-based approach to share size reduction and prove that the expected number of iterations of the underlying cyclic vector algorithm is small, yielding an expected polynomial runtime. We then design a novel deterministic method based on the Frobenius canonical normal form, avoiding reliance on cyclic vector techniques, and derive its runtime complexity. This yields a space-efficient secret sharing scheme that is computationally secure under a suitably defined adversary model. We have implemented our algorithm in the computer algebra system Maple as an Open Source project and provide an evaluation of its performance. Our results demonstrate that matrix normal forms can provide a suitable mathematical framework for secure and practical secret sharing. Full article

► Show Figures

Figure 1

21 pages, 439 KB

Open AccessArticle

A Post-Quantum End-to-End Secure Protocol for Instant Messaging Applications

by Alfonso F. De Abiega-L’Eglisse, Kevin A. Delgado-Vargas, Humberto A. Ortega Alcocer, Gina Gallegos-García and Eliseo Sarmiento-Rosales

Cryptography 2026, 10(3), 28; https://doi.org/10.3390/cryptography10030028 - 23 Apr 2026

Abstract

Modern instant messaging systems require end-to-end (E2E) security guarantees while operating over server-mediated infrastructures that cannot be fully trusted. At the same time, the impending transition to post-quantum cryptography raises nontrivial challenges for the design of secure messaging protocols that preserve these guarantees. [...] Read more.

Modern instant messaging systems require end-to-end (E2E) security guarantees while operating over server-mediated infrastructures that cannot be fully trusted. At the same time, the impending transition to post-quantum cryptography raises nontrivial challenges for the design of secure messaging protocols that preserve these guarantees. In this work, we present the design of a post-quantum end-to-end secure protocol for instant messaging applications under an untrusted relay model. The proposed construction relies on lattice-based primitives standardized by NIST, namely ML-KEM for key establishment and ML-DSA for authentication, and follows a Double-KEM pattern combined with explicit context binding to derive an E2E session key known only to the communicating clients. The server acts solely as an authenticated relay and never gains access to plaintext messages or session keys. In addition to the protocol design, we complement the protocol description with an automated symbolic verification using ProVerif, establishing injective mutual authentication and session-key secrecy under a Dolev–Yao adversary model. Finally, we characterize the computational cost of different authentication and verification policies and evaluate the performance of the handshake on heterogeneous cloud-based architectures. The results provide practical insight into the feasibility of deploying post-quantum end-to-end secure protocols within existing instant messaging infrastructures. Full article

► Show Figures

Figure 1

25 pages, 857 KB

Open AccessReview

Polynomial Commitment Schemes from Classical Constructions to Post-Quantum Directions

by Maksim Iavich, Tamari Kuchukhidze and Razvan Bocu

Cryptography 2026, 10(2), 27; https://doi.org/10.3390/cryptography10020027 - 20 Apr 2026

Abstract

Polynomial commitment schemes (PCS) enable a prover to commit to a polynomial and later reveal evaluations with succinct, verifiable proofs. As critical components of modern cryptographic systems like Verkle trees and zk-SNARKs, these methods are experiencing a significant transition from classical to post-quantum [...] Read more.

Polynomial commitment schemes (PCS) enable a prover to commit to a polynomial and later reveal evaluations with succinct, verifiable proofs. As critical components of modern cryptographic systems like Verkle trees and zk-SNARKs, these methods are experiencing a significant transition from classical to post-quantum designs. This comprehensive research systematically compares the major scheme families to examine this progression, from pairing-based KZG and transparent Bulletproofs to lattice-based and hash-based post-quantum alternatives. We present a unified taxonomy that maps the classical-to-post-quantum transition across trust models, security assumptions, and efficiency measures after conducting a PRISMA-guided systematic review of 77 works. Our analysis reveals a fundamental trade-off between efficiency and security: classical schemes, which rely on quantum-vulnerable assumptions, provide optimal performance with constant-sized proofs, while post-quantum alternatives offer quantum resistance at the cost of larger proofs and higher computational overhead. By combining research works, we highlight recurrent problems with adaptive security, verification efficiency, and proof conciseness. We offer a specific research roadmap with prioritized short-, medium-, and long-term directions to close the performance gap between quantum-resistant and classical architectures based on our quantitative analysis. This study offers a technical reference and a strategic roadmap for constructing practical post-quantum polynomial commitments. Full article

► Show Figures

Figure 1

25 pages, 617 KB

Open AccessArticle

A Multiple User Cryptography Approach Using a One-Time User Key Model and a (1, n) Threshold Polynomial Secret Sharing

by Alessandro Caniglia, Felice Franchini, Stefano Galantucci, Giuseppe Pirlo and Gianfranco Semeraro

Cryptography 2026, 10(2), 26; https://doi.org/10.3390/cryptography10020026 - 14 Apr 2026

Abstract

Classical approaches to cryptography exhibit several limitations when applied to scenarios involving more than two users. The One-Time User Key (OTUK) meta-cryptographic model addresses these limitations by enabling multi-user encryption that is flexible, applicable to any cryptographic algorithm, and designed for systematic deployment [...] Read more.

Classical approaches to cryptography exhibit several limitations when applied to scenarios involving more than two users. The One-Time User Key (OTUK) meta-cryptographic model addresses these limitations by enabling multi-user encryption that is flexible, applicable to any cryptographic algorithm, and designed for systematic deployment without compromising system security. Each user possesses an individual key from which One-Time keys are derived; these keys feed a secret-sharing function (

ω

) that establishes the multi-user encrypted channel. In this paper, we present a polynomial-based implementation of the

ω

function under a

(1, n)

threshold model. The generated polynomial has roots at points corresponding to valid user keys and is mapped to the real encryption key. We provide a formal threat model, pseudocode for the complete protocol, and a detailed computational analysis across the numerical domains

N

,

Z

, and

R

. Furthermore, we present experimental benchmarks measuring encryption/decryption speed, scalability up to 30 users, parameter sensitivity, and a comparative evaluation against Shamir’s Secret Sharing scheme. A systematic security analysis examines partial-information attacks, derivative-root distance margins, and brute-force resistance, demonstrating that the effective security margin remains above 245 bits for configurations of up to 30 users with 256-bit keys. The proposed method offers a concrete, efficient, and secure foundation for multi-user encrypted communication in domains such as IoT, public administration, and e-health. Full article

► Show Figures

Figure 1

21 pages, 1353 KB

Open AccessArticle

Chaos Theory with AI Analysis in IoT Network Scenarios

by Antonio Francesco Gentile and Maria Cilione

Cryptography 2026, 10(2), 25; https://doi.org/10.3390/cryptography10020025 - 10 Apr 2026

Abstract

While general network dynamics have been extensively modeled using stochastic methods, the emergence of dense Internet of Things (IoT) ecosystems demands a more specialized analytical framework. IoT environments are characterized by extreme non-linearity and sensitivity to initial conditions, where traditional models often fail [...] Read more.

While general network dynamics have been extensively modeled using stochastic methods, the emergence of dense Internet of Things (IoT) ecosystems demands a more specialized analytical framework. IoT environments are characterized by extreme non-linearity and sensitivity to initial conditions, where traditional models often fail to account for chaotic latency and packet loss. This paper introduces a specialized approach that integrates Chaos Theory with the innovative paradigm of Vibe Coding—an AI-assisted development and analysis methodology that allows for the ‘encoding’ and interpretation of the dynamic ‘vibe’ or signature of network fluctuations in real-time. By categorizing network behavior into four distinct scenarios (quiescent, perturbed, attacked, and perturbed–Attacked), the proposed framework utilizes deep learning to transform chaotic signals into actionable intelligence. Our findings demonstrate that this specialized synergy between chaos analysis and Vibe Coding provides superior classification of adversarial threats, such as DoS and injection attacks, fostering intelligent native security for next-generation IoT infrastructures. Full article

(This article belongs to the Special Issue Advanced Information Security Solutions for Future and Efficient IoT, Wireless, and Localization Systems)

► Show Figures

Figure 1

19 pages, 294 KB

Open AccessArticle

Adapting the BIKE Key Encapsulation Mechanism to Memory-Constrained IoT Devices

by Dušan Čatloch, Peter Pekarčík and Eva Chovancová

Cryptography 2026, 10(2), 24; https://doi.org/10.3390/cryptography10020024 - 10 Apr 2026

Abstract

Post-quantum cryptography represents one of the most promising areas of modern cryptography. The development in this discipline significantly accelerated after it became of interest to the National Institute of Standards and Technology (NIST). One of the important research directions in this area is [...] Read more.

Post-quantum cryptography represents one of the most promising areas of modern cryptography. The development in this discipline significantly accelerated after it became of interest to the National Institute of Standards and Technology (NIST). One of the important research directions in this area is the practical deployment of post-quantum cryptographic algorithms on resource-constrained devices. In this article, we investigate the possibility of deploying post-quantum cryptography on small processors with limited random access memory (RAM) capacity. These processors are commonly used in Internet of Things (IoT) devices, where the practical deployment of post-quantum algorithms remains challenging due to computational and memory constraints. We select a suitable algorithm and perform several implementation modifications that enable its execution on microcontrollers with limited memory resources. Full article

(This article belongs to the Section Hardware Security)

22 pages, 37583 KB

Open AccessArticle

Moving-Skewness Preprocessing for Simple Power Analysis on Cryptosystems: Revealing Asymmetry in Leakage

by Zhen Li, Kexin Qiang, Yiming Yang, Zongyue Wang and An Wang

Cryptography 2026, 10(2), 23; https://doi.org/10.3390/cryptography10020023 - 3 Apr 2026

Abstract

In side-channel analysis, simple power analysis (SPA) is a widely used technique for recovering secret information by exploiting differences between operations in traces. However, in realistic measurement environments, SPA is often hindered by noise, temporal misalignment, and weak or transient leakage, which obscure [...] Read more.

In side-channel analysis, simple power analysis (SPA) is a widely used technique for recovering secret information by exploiting differences between operations in traces. However, in realistic measurement environments, SPA is often hindered by noise, temporal misalignment, and weak or transient leakage, which obscure secret-dependent features in single or very few power traces. In this paper, we provide a systematic analysis of moving-skewness-based trace preprocessing for enhancing asymmetric leakage characteristics relevant to SPA. The method computes local skewness within a moving window along the trace, transforming the original signal into a skewness trace that emphasizes distributional asymmetry while suppressing noise. Unlike conventional smoothing-based preprocessing techniques, the proposed approach preserves and can even amplify subtle leakage patterns and spike-like transient events that are often attenuated by low-pass filtering or moving-average methods. To further improve applicability under different leakage conditions, we introduce feature-driven window-selection strategies that align preprocessing parameters with various leakage characteristics. Both simulated datasets and real measurement traces collected from multiple cryptographic platforms are used to evaluate the effectiveness of the approach. The experimental results indicate that moving-skewness preprocessing improves leakage visibility and achieves higher SPA success rates compared to commonly used preprocessing methods. Full article

(This article belongs to the Section Hardware Security)

► Show Figures

Figure 1

14 pages, 770 KB

Open AccessArticle

A Searchable Encryption Scheme Based on CRYSTALS-Dilithium

by Minghui Zheng, Anqi Xiao, Shicheng Huang and Deju Kong

Cryptography 2026, 10(2), 22; https://doi.org/10.3390/cryptography10020022 - 27 Mar 2026

Abstract

With the advancement in quantum computing technology, the number theory-based hard problems underlying traditional searchable encryption algorithms are now vulnerable to efficient quantum attacks. To address this challenge, this paper proposes Dilithium-PAEKS (Dilithium-Public Authenticated Encryption with Keyword Search), a searchable encryption scheme based [...] Read more.

With the advancement in quantum computing technology, the number theory-based hard problems underlying traditional searchable encryption algorithms are now vulnerable to efficient quantum attacks. To address this challenge, this paper proposes Dilithium-PAEKS (Dilithium-Public Authenticated Encryption with Keyword Search), a searchable encryption scheme based on the post-quantum cryptographic algorithm CRYSTALS-Dilithium. By transforming the verification relationship of digital signatures into a matching relationship between trapdoors and ciphertexts, the scheme not only meets the functional requirements of searchable encryption but also demonstrates quantum resistance. The implementation enhances algorithm efficiency through keyword-based signatures and dynamic matching testing mechanisms. The security of the scheme is defined by the MLWE and MSIS hard problems, with proofs of keyword ciphertext indistinguishability and trapdoor indistinguishability under the random oracle model. Additionally, the scheme provides strong resistance against both outside and insider keyword guessing attacks through sender–receiver binding mechanisms and trapdoor indistinguishability properties. Experimental results show that, compared to the post-quantum schemes CP-Absel and LB-FSSE, the proposed scheme demonstrates superior overall computational efficiency while maintaining stronger quantum resistance than the traditional scheme SM9-PAEKS. Full article

► Show Figures

Figure 1

24 pages, 1813 KB

Open AccessArticle

Homomorphic ReLU with Full-Domain Bootstrapping

by Yuqun Lin, Yi Huang, Xiaomeng Tang, Jingjing Fan, Qifei Xu, Zoe-Lin Jiang, Xiaosong Zhang and Junbin Fang

Cryptography 2026, 10(2), 21; https://doi.org/10.3390/cryptography10020021 - 24 Mar 2026

Abstract

Fully homomorphic encryption (FHE) offers a promising solution for privacy-preserving machine learning by enabling arbitrary computations on encrypted data. However, the efficient evaluation of non-linear functions—such as the ReLU activation function over large integers—remains a major obstacle in practical deployments, primarily due to [...] Read more.

Fully homomorphic encryption (FHE) offers a promising solution for privacy-preserving machine learning by enabling arbitrary computations on encrypted data. However, the efficient evaluation of non-linear functions—such as the ReLU activation function over large integers—remains a major obstacle in practical deployments, primarily due to high bootstrapping overhead and limited precision support in existing schemes. In this paper, we propose

LargeIntReLU

, a novel framework that enables efficient homomorphic ReLU evaluation over large integers (7–11 bits) via full-domain bootstrapping. Central to our approach is a signed digit decomposition algorithm,

SignedDecomp

, that partitions a large integer ciphertext into signed 6-bit segments using three new low-level primitives:

LeftShift

,

HomMod

, and

CipherClean

. This decomposition preserves arithmetic consistency, avoids cross-segment carry propagation, and allows parallelized bootstrapping. By segmenting the large integer and processing each chunk independently with optimized small-integer bootstrapping, we achieve homomorphic ReLU with full-domain bootstrapping, which significantly reduces the total number of sequential bootstrapping operations required. The security of our scheme is guaranteed by TFHE. Experimental results demonstrate that the proposed method reduces the bootstrapping cost by an average of 28.58% compared to state-of-the-art approaches while maintaining 95.2% accuracy. With execution times ranging from 1.16 s to 1.62 s across 7–11 bit integers, our work bridges a critical gap toward a scalable and efficient homomorphic ReLU function, which is useful in privacy-preserving machine learning. Furthermore, an end-to-end encrypted inference test on a CNN model with the MNIST dataset confirms its practicality, achieving 88.85% accuracy and demonstrating a complete pipeline for privacy-preserving neural network evaluation. Full article

(This article belongs to the Special Issue Information Security and Privacy—ACISP 2025)

► Show Figures

Figure 1

32 pages, 1091 KB

Open AccessArticle

Securely Scaling Autonomy: The Role of Cryptography in Future Unmanned Aircraft Systems (UASs)

by Paul Rochford, William J. Buchanan, Rich Macfarlane and Madjid Tehrani

Cryptography 2026, 10(2), 20; https://doi.org/10.3390/cryptography10020020 - 20 Mar 2026

Abstract

The decentralisation of autonomous Unmanned Aircraft Systems (UASs) introduces significant challenges in terms of establishing secure communication and consensus in contested, resource-constrained environments. This research addresses these challenges by conducting a comprehensive performance evaluation of two cryptographic technologies: Messaging Layer Security (MLS) for [...] Read more.

The decentralisation of autonomous Unmanned Aircraft Systems (UASs) introduces significant challenges in terms of establishing secure communication and consensus in contested, resource-constrained environments. This research addresses these challenges by conducting a comprehensive performance evaluation of two cryptographic technologies: Messaging Layer Security (MLS) for group key exchange, and threshold signatures (FROST and BLS) for decentralised consensus. Seven leading open-source libraries were methodically assessed through a series of static, network-simulated, and novel bulk-signing benchmarks to measure their computational efficiency and practical resilience. This paper confirms that MLS is a viable solution, capable of supporting the group sizes and throughput requirements of a UAS swarm. It corroborates prior work by identifying the Cisco MLSpp library as unsuitable for dynamic environments due to poorly scaling group management functions, while demonstrating that OpenMLS is a highly performant and scalable alternative. Furthermore, the findings show that operating MLS in a ‘key management’ mode offers a dramatic increase in performance and resilience, a critical trade-off for UAS operations. For consensus, the benchmarks reveal a range of compromises for developers to consider, while identifying the Zcash FROST implementation as the most effective all-around performer for sustained, high-volume use cases due to its balance of security features and efficient verification. Full article

► Show Figures

Figure 1

28 pages, 1682 KB

Open AccessReview

A Scoping Analysis of the Literature on the Use of Hybrid Cryptographic Systems for Data Hiding in Cloud Storage

by Luthando Mletshe, Mnoneleli Nogwina and Colin Chibaya

Cryptography 2026, 10(2), 19; https://doi.org/10.3390/cryptography10020019 - 13 Mar 2026

Abstract

Organizations have been moving on-premises data functionalities to cloud storage environments. The need for advanced hybrid cryptography is deemed a promising solution for securing data on cloud storage. This scoping review explores the application of hybrid cryptographic systems for data hiding in cloud [...] Read more.

Organizations have been moving on-premises data functionalities to cloud storage environments. The need for advanced hybrid cryptography is deemed a promising solution for securing data on cloud storage. This scoping review explores the application of hybrid cryptographic systems for data hiding in cloud storage. It focuses on identifying global research trends, technological approaches, and contextual gaps in implementation. The review systematically examines the literature from major scholarly databases to identify existing models that combine traditional and modern cryptographic techniques to enhance data confidentiality, integrity, and authenticity against cloud-based security threats. Out of the 8250 eligible papers, 24 were included in the review. The findings reveal that the majority of scholarly contributions originate from Asia, averaging 87.5%, as reflected in the distribution of included articles by continent. Particularly, India and China dominate in the space, with a complete absence of studies from Africa, including South Africa. This geographical disparity underscores a significant research gap in the contextualization of hybrid cryptographic frameworks suited to Africa’s unique infrastructural and regulatory environments. The review further reveals a limited focus on the development of lightweight, scalable, and adaptable hybrid cryptographic schemes. Such approaches are essential for addressing challenges related to bandwidth limitations, computational efficiency, and regulatory compliance in developing regions. Consequently, this study contributes by establishing a comprehensive knowledge map of hybrid cryptography for cloud security, emphasizing the necessity for region-specific, context-aware frameworks. The findings provide a foundation for future investigations aimed at developing robust efficient hybrid cryptographic models that can strengthen data security in African cloud infrastructures. Full article

(This article belongs to the Collection Survey of Cryptographic Topics)

► Show Figures

Figure 1

33 pages, 637 KB

Open AccessReview

Cryptographic Foundations of Pseudonymisation for Personal Data Protection

by Konstantinos Limniotis

Cryptography 2026, 10(2), 18; https://doi.org/10.3390/cryptography10020018 - 11 Mar 2026

Abstract

Pseudonymisation constitutes an essential technical and organisational measure for implementing personal data-protection safeguards. Its main goal is to hide identities of individuals, thus reducing data protection and privacy risks through facilitating the fulfilment of several principles such as data minimisation and security. However, [...] Read more.

Pseudonymisation constitutes an essential technical and organisational measure for implementing personal data-protection safeguards. Its main goal is to hide identities of individuals, thus reducing data protection and privacy risks through facilitating the fulfilment of several principles such as data minimisation and security. However, selecting and deploying appropriate pseudonymisation mechanisms in a risk-based approach, tailored to the specific data processing context, remains a non-trivial task. This survey paper aims to present especially how cryptography can be used at the service of pseudonymisation, putting emphasis not only on traditional approaches but also on advanced cryptographic techniques that have been proposed to address special pseudonymisation challenges. To this end, we systematically classify existing approaches according to a taxonomy that captures key design dimensions that are relevant to specific data-protection challenges. Finally, since the notion of pseudonymisation adopted in this work is grounded in European data-protection law, we also discuss recent legal developments, in particular the CJEU’s latest judgment, which refined the interpretation of pseudonymous data. Full article

(This article belongs to the Collection Survey of Cryptographic Topics)

► Show Figures

Figure 1

25 pages, 449 KB

Open AccessReview

A Survey on Classical Lattice Algorithms

by Tongchen Shen and Xiangxue Li

Cryptography 2026, 10(2), 17; https://doi.org/10.3390/cryptography10020017 - 6 Mar 2026

Abstract

The rapid advancement of quantum computing poses a severe threat to traditional public key cryptosystems. Lattice-based cryptography has emerged as a core candidate for post-quantum cryptography due to its presumed quantum resistance, robust security foundations, and functional versatility, with its concrete security relying [...] Read more.

The rapid advancement of quantum computing poses a severe threat to traditional public key cryptosystems. Lattice-based cryptography has emerged as a core candidate for post-quantum cryptography due to its presumed quantum resistance, robust security foundations, and functional versatility, with its concrete security relying on the computational hardness of lattice problems. Existing lattice-based cryptography surveys mainly focus on cryptosystem design, scheme comparisons, and post-quantum cryptography standardization progress, with only cursory coverage of classical lattice algorithms that underpin the concrete security of lattice-based cryptography. We present the first systematic survey of classical lattice algorithms, focusing on two core categories of algorithms for solving lattice problems: approximate algorithms and exact algorithms. The approximate algorithms cover mainstream lattice basis reduction methods such as Lenstra–Lenstra–Lovász (LLL), Block Korkine–Zolotarev (BKZ), and General Sieve Kernel (G6K) algorithms, as well as alternative frameworks. The exact algorithms encompass dominant techniques like enumeration and sieving algorithms, along with alternative strategies. We systematically trace the evolutionary trajectory and inherent logical connections of various algorithms, clarify their core mechanisms, and identify promising future research directions. This survey not only serves as an introductory guide for beginners but also provides a valuable reference for seasoned researchers, facilitating the concrete security evaluation of lattice-based cryptosystems and the design of novel lattice algorithms. Full article

(This article belongs to the Section Cryptography Reviews)

► Show Figures

Figure 1

34 pages, 13258 KB

Open AccessArticle

A Robust Image Encryption Framework Using Deep Feature Extraction and AES Key Optimization

by Sahara A. S. Almola, Hameed A. Younis and Raidah S. Khudeyer

Cryptography 2026, 10(2), 16; https://doi.org/10.3390/cryptography10020016 - 2 Mar 2026

Abstract

This article presents a novel framework for encrypting color images to enhance digital data security using deep learning and artificial intelligence techniques. The system employs a two-model neural architecture: the first, a Convolutional Neural Network (CNN), verifies sender authenticity during user authentication, while [...] Read more.

This article presents a novel framework for encrypting color images to enhance digital data security using deep learning and artificial intelligence techniques. The system employs a two-model neural architecture: the first, a Convolutional Neural Network (CNN), verifies sender authenticity during user authentication, while the second extracts unique fingerprint features. These features are converted into high-entropy encryption keys using Particle Swarm Optimization (PSO), minimizing key similarity and ensuring that no key is reused or transmitted. Keys are generated in real time simultaneously at both the sender and receiver ends, preventing interception or leakage and providing maximum confidentiality. Encrypted images are secured using the Advanced Encryption Standard (AES-256) with keys uniquely bound to each user’s biometric identity, ensuring personalized privacy. Evaluation using security and encryption metrics yielded strong results: entropy of 7.9991, correlation coefficient below 0.00001, NPCR of 99.66%, UACI of 33.9069%, and key space of 2²⁵⁶. Although the final encryption employs an AES-256 key (key space of 2²⁵⁶), this key is derived from a much larger deep-key space of 2⁸¹⁹² generated by multi-layer neural feature extraction and optimized via PSO, thereby significantly enhancing the overall cryptographic strength. The system also demonstrated robustness against common attacks, including noise and cropping, while maintaining recoverable original content. Furthermore, the neural models achieved classification accuracy exceeding 99.83% with an error rate below 0.05%, confirming the framework’s reliability and practical applicability. This approach provides a secure, dynamic, and efficient image encryption paradigm, combining biometric authentication and AI-based feature extraction for advanced cybersecurity applications. Full article

► Show Figures

Figure 1

22 pages, 1052 KB

Open AccessArticle

Performance Evaluation of NIST-Standardized Post-Quantum and Symmetric Ciphers for Mitigating Deepfakes

by Mohammad Alkhatib

Cryptography 2026, 10(2), 15; https://doi.org/10.3390/cryptography10020015 - 26 Feb 2026

Abstract

Deepfake technology can produce highly realistic manipulated media which pose as significant cybersecurity threats, including fraud, misinformation, and privacy violations. This research proposes a deepfake prevention approach based on symmetric and asymmetric ciphers. Post-quantum asymmetric ciphers were utilized to perform digital signature operations, [...] Read more.

Deepfake technology can produce highly realistic manipulated media which pose as significant cybersecurity threats, including fraud, misinformation, and privacy violations. This research proposes a deepfake prevention approach based on symmetric and asymmetric ciphers. Post-quantum asymmetric ciphers were utilized to perform digital signature operations, which offer essential security services, including integrity, authentication, and non-repudiation. Symmetric ciphers were also employed to provide confidentiality and authentication. Unlike classical ciphers that are vulnerable to quantum attacks, this study adopts quantum-resilient ciphers to offer long-term security. The proposed approach enables entities to digitally sign media content before public release on other platforms. End users can subsequently verify the authenticity of content using the public keys of the media creators. To identify the most efficient ciphers to perform cryptography operations required for deepfake prevention, the study explores the implementation of quantum-resilient symmetric and asymmetric ciphers standardized by NIST, including Dilithium, Falcon, SPHINCS+, and Ascon-80pq. Additionally, this research provides comprehensive comparisons between the various classical and post-quantum ciphers in both categories: symmetric and asymmetric. Experimental results revealed that Dilithium-5 and Falcon-512 algorithms outperform other post-quantum ciphers, with a time delay of 2.50 and 251 ms, respectively, for digital signature operations. The Falcon-512 algorithm also demonstrates superior resource efficiency, making it a cost-effective choice for digital signature operations. With respect to symmetric ciphers, Ascon-80pq achieved the lowest time consumption, taking just 0.015 ms to perform encryption and decryption operations. Also, it is a significant option for constrained devices, since it consumes fewer resources compared to standard symmetric ciphers, such as AES. Through comprehensive evaluations and comparisons of various symmetric and asymmetric ciphers, this study serves as a blueprint to identify the most efficient ciphers to perform the cryptography operations necessary for deepfake prevention. Full article

► Show Figures

Figure 1

25 pages, 400 KB

Open AccessArticle

Strong Non-Transferability from Randomizable Universal Designated Verifier Signatures

by Magdalena Bertram, Benjamin Zengin, Nicolas Buchmann and Marian Margraf

Cryptography 2026, 10(1), 14; https://doi.org/10.3390/cryptography10010014 - 18 Feb 2026

Abstract

In the context of digital certification systems, the demand for privacy-preserving authentication is increasingly vital, particularly for critical applications that involve sensitive personal data. Traditional digital signatures provide a robust means of implementing such systems. However, they raise significant privacy concerns due to [...] Read more.

In the context of digital certification systems, the demand for privacy-preserving authentication is increasingly vital, particularly for critical applications that involve sensitive personal data. Traditional digital signatures provide a robust means of implementing such systems. However, they raise significant privacy concerns due to their public verifiability, which allows verifiers to prove the authenticity of the received sensitive data to third parties. Universal designated verifier signature (UDVS) schemes address these privacy risks by offering non-transferability, ensuring that only the specified verifier can confirm the validity of the designated verifier signature (DVS). However, despite their advantages, existing UDVS models exhibit vulnerabilities that may allow tracking of the user’s authentications among cooperating verifiers and enable third parties to be convinced of the authenticity of sensitive user data by retrieving DVSs from different, non-cooperating verifiers. This paper presents a strategy to achieve strong non-transferability, which effectively addresses these vulnerabilities, by being the first to extend the concept of randomizability to UDVS schemes and their security properties. Our findings demonstrate that a randomizable UDVS scheme can serve as a solid foundation for constructing strong non-transferable UDVS schemes. Finally, we propose an efficient, strong, non-transferable UDVS scheme as an instantiation of our strategy, utilizing state-of-the-art Type 3 pairings, significantly improving upon previous constructions. Full article

Journal Description

Cryptography

Latest Articles

Journal Menu

Journal Browser

Highly Accessed Articles

Latest Books

E-Mail Alert

News

Topics

Conferences

Special Issues

Topical Collections

Further Information

Guidelines

MDPI Initiatives

Follow MDPI